Skip to main content

Pure-python implementation of the SHA2 crypt(3) functions

Project description

# python-crypt [![Build Status](https://travis-ci.org/thusoy/python-crypt.svg?branch=master)](https://travis-ci.org/thusoy/python-crypt)

Pure-python implementation of the crypt(3) SHA2 functions.

Useful for creating crypt-compatible hashes from non-*nixes (like Windows
and OS X), like when creating password hashes to initialize a *nix server
with.


## Install

$ pip install pcrypt


## Usage

API is identical to the [built-in crypt](https://docs.python.org/3.5/library/crypt.html) module on *nix:

>>> import pcrypt, getpass
>>> print(pcrypt.crypt(getpass.getpass()))
$6$tyjS23QPnY6k37iD$7oM9nObOVQUQ<...>/x7VKbuiyqgT81

If you want to override the number of rounds used for hashing, you can specify the parameter `rounds` to crypt:

>>> print(pcrypt.crypt(getpass.getpass(), rounds=50000))
$6$rounds=50000$FEkeiFqoGiU6Bd3v$6jn8ZZ<...>uXKvs7XAbp.

The default number of rounds is 5000, same as for crypt(3).

To use SHA256 instead of the default SHA512:

>>> print(pcrypt.crypt(getpass.getpass(), pcrypt.METHOD_SHA256))
$5$Zcxyug8MUozUjGIQ$yqvzOQR<...>pnLMvpOhhmrOWfn5

If the second argument is given it must be either an existing salt string matching the
format `$<algo>$(rounds=<rounds>$)?<salt>($<hash>)?`, or one of `pcrypt.METHOD_SHA256`
or `pcrypt.METHOD_SHA512`.

Without specifying salt manually the module will generate a new salt and use
the strongest hash function available.

As a little extra nugget, there's also a handy CLI to quickly generate a hash:

$ pcrypt -h
usage: pcrypt [-h] [-r ROUNDS] [-a {sha256,sha512}] [-s]

Compute a password hash for SHA256/SHA512 in crypt(3)-compatible format.
Password will be prompted for.

optional arguments:
-h, --help show this help message and exit
-r ROUNDS, --rounds ROUNDS
How many rounds of hashing to perform. More rounds are
slower, making it harder to reverse a hash through
brute force. Default: 5000
-a {sha256,sha512}, --algo {sha256,sha512}
Which algorithm to use. Default: sha512
-s, --single-prompt Don't ask to repeat the password

**NB**: You'd probably guess from this being a pure-python implementation of a compute-heavy operation, but I just have to say this explicitly: Do not use this for performance-critical applications! Performance is roughly five orders of magnitude slower than the plain C version.

Change log
==========

[1.0.5] - 2018-01-12
--------------------

### Fixed
- Only print trailing newline in cli when writing to a tty.


[1.0.4] - 2016-02-08
--------------------

### Added
- Passwords can now be piped in to the pcrypt CLI.


[1.0.3] - 2015-12-19
--------------------

Practically first release.


[1.0.5]: https://github.com/thusoy/python-crypt/compare/v1.0.4...v1.0.5
[1.0.4]: https://github.com/thusoy/python-crypt/compare/v1.0.3...v1.0.4

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pcrypt-1.0.5.tar.gz (6.0 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page